$OpenBSD: patch-src_tools_pkcs15-tool_c,v 1.3 2016/11/24 09:54:51 dcoppa Exp $

commit 678f2bb1a65e5848dffc995f63e81d1f8092352f
Author: Ian Young <ian@iay.org.uk>
Date:   Thu Sep 8 21:05:17 2016 +0100

Make pkcs15-tool --dump object formatting consistent

Properly terminate "Encoded serial" lines so that the blank line after
X.509 certificate blocks isn't consumed doing so.

commit d97ee793337e3590bed38426a0c46d095b087d48
Author: Nuno Goncalves <nunojpg@gmail.com>
Date:   Mon Jun 6 18:29:03 2016 +0100

fix 'pkcs15-tool --read-ssh-key' crash

Don't try to free again pubkey if the parent cert has already been freed.

commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date:   Mon Oct 10 22:21:46 2016 +0200

Fix Coverity remarks

--- src/tools/pkcs15-tool.c.orig	Fri Jun  3 11:19:51 2016
+++ src/tools/pkcs15-tool.c	Thu Nov 24 09:58:03 2016
@@ -248,6 +248,7 @@ static void print_cert_info(const struct sc_pkcs15_obj
 	if (rv >= 0 && cert_parsed)   {
 		printf("\tEncoded serial : %02X %02X ", *(cert_parsed->serial), *(cert_parsed->serial + 1));
 		util_hex_dump(stdout, cert_parsed->serial + 2, cert_parsed->serial_len - 2, "");
+		printf("\n");
 		sc_pkcs15_free_certificate(cert_parsed);
 	}
 }
@@ -1051,8 +1052,8 @@ static int read_ssh_key(void)
 		fclose(outf);
 	if (cert)
 		sc_pkcs15_free_certificate(cert);
-	sc_pkcs15_free_pubkey(pubkey);
-
+	else if (pubkey)
+		sc_pkcs15_free_pubkey(pubkey);
 	return 0;
 fail:
 	printf("can't convert key: buffer too small\n");
@@ -1121,8 +1122,10 @@ static u8 * get_pin(const char *prompt, sc_pkcs15_obje
 		r = util_getpass(&pincode, &len, stdin);
 		if (r < 0)
 			return NULL;
-		if (!pincode || strlen(pincode) == 0)
+		if (!pincode || strlen(pincode) == 0) {
+			free(pincode);
 			return NULL;
+		}
 		if (strlen(pincode) < pinfo->attrs.pin.min_length) {
 			printf("PIN code too short, try again.\n");
 			continue;
@@ -1131,7 +1134,7 @@ static u8 * get_pin(const char *prompt, sc_pkcs15_obje
 			printf("PIN code too long, try again.\n");
 			continue;
 		}
-		return (u8 *) strdup(pincode);
+		return (u8 *) pincode;
 	}
 }
 
@@ -1491,6 +1494,7 @@ static int change_pin(void)
 
 	if (pincode && strlen((char *) pincode) == 0) {
 		fprintf(stderr, "No PIN code supplied.\n");
+		free(pincode);
 		return 2;
 	}
 
@@ -1510,6 +1514,7 @@ static int change_pin(void)
 		if (newpin == NULL || strlen((char *) newpin) == 0)   {
 			fprintf(stderr, "No new PIN value supplied.\n");
 			free(newpin);
+			free(pincode);
 			return 2;
 		}
 
